Cahyani Niken Dwi Wahyu, Martini Ben, Choo Kim-Kwang Raymond, Ab Rahman Nurul Hidayah, Ashman Helen
School of Information Technology & Mathematical Sciences, University of South Australia, Adelaide, SA, 5095, Australia.
Department of Informatics, Telkom University, Bandung, Indonesia.
J Forensic Sci. 2018 May;63(3):868-881. doi: 10.1111/1556-4029.13624. Epub 2017 Aug 17.
Communication apps can be an important source of evidence in a forensic investigation (e.g., in the investigation of a drug trafficking or terrorism case where the communications apps were used by the accused persons during the transactions or planning activities). This study presents the first evidence-based forensic taxonomy of Windows Phone communication apps, using an existing two-dimensional Android forensic taxonomy as a baseline. Specifically, 30 Windows Phone communication apps, including Instant Messaging (IM) and Voice over IP (VoIP) apps, are examined. Artifacts extracted using physical acquisition are analyzed, and seven digital evidence objects of forensic interest are identified, namely: Call Log, Chats, Contacts, Locations, Installed Applications, SMSs and User Accounts. Findings from this study would help to facilitate timely and effective forensic investigations involving Windows Phone communication apps.
通信应用程序可能是法医调查中的一个重要证据来源(例如,在贩毒或恐怖主义案件的调查中,被告人在交易或策划活动期间使用了通信应用程序)。本研究以现有的二维安卓法医分类法为基线,提出了首个基于证据的Windows Phone通信应用程序法医分类法。具体而言,研究了30个Windows Phone通信应用程序,包括即时通讯(IM)和互联网协议语音(VoIP)应用程序。分析了通过物理采集提取的工件,并识别出七个具有法医研究价值的数字证据对象,即:通话记录、聊天记录、联系人、位置、已安装应用程序、短信和用户账户。本研究的结果将有助于促进涉及Windows Phone通信应用程序的及时、有效法医调查。